Annual Report to Parliament on the Administration of the Privacy Act - 2011-2012
Table of Contents
Part A:Foreign Affairs and International Trade
Part B: Passport Canada
- Introduction
- Administration of Requests
- Disclosure of Personal Information
- Complaints and Investigations
- Administration of Personal Information
- Internal Operations
- Annex A: Designation Order
- Annex B: 2011-2012 Statistical Report
Introduction
We are pleased to table the Annual Report to Parliament on the administration of the Privacy Act for fiscal year 2011-2012, as required under subsections 72(1) and 72(2).
Purpose of the Privacy Act
The Privacy Act provides Canadian citizens and individuals present in Canada the right to seek access to their personal information that is held by the federal government. It also governs the collection, use, disclosure, retention and disposal of personal information.
Departmental Mandate
On behalf of the Government of Canada, the Department of Foreign Affairs and International Trade is Canada’s face and voice to the world, working to advance Canada’s political and economic interests in the international community as well as to apply Canadian experience to help address global issues.
The Department's legal mandate, as set out in the Department of Foreign Affairs and International Trade Act, RSC 1985, c. E-22, is to:
- conduct all diplomatic and consular relations on behalf of Canada;
- conduct all official communication between the Government of Canada and the government of any other country and between the Government of Canada and any international organization;
- conduct and manage international negotiations as they relate to Canada;
- coordinate Canada's economic relations;
- foster the expansion of Canada's international trade;
- coordinate the direction given by the Government of Canada to the heads of Canada's diplomatic and consular missions and to manage these missions;
- administer the foreign service of Canada;
- foster the development of international law and its application in Canada's external relations.
In addition, Passport Canada which is a Special Operating Agency of Foreign Affairs and International Trade Canada is responsible for issuing, refusing, revoking and withholding Canadian passports, in addition to administering their use and recovery. Passport Canada supervises all matters relating to Canadian travel documents and provides guidance to Canadian government offices abroad, enabling them to issue passports. Besides serving the public directly, Passport Canada also works with national and international police authorities, security agents, border officials and any federal, provincial and territorial authorities that provide identification documents.
The Minister of Foreign Affairs is also responsible for the Export and Import Permits Act, RSC 1985, c. E-19, which authorizes the government to control and monitor the transborder flow of specified goods, and for the Special Economic Measures Act, 40-41 Elizabeth II, c. 17, which authorizes the government to apply economic sanctions in response to a serious threat to international peace and security.
The Department also provides administrative support to other government departments with personnel abroad.
Delegated Authorities
Under Section 73 the Act, the Minister’s authority is delegated to enable the Department to meet its legislated requirements as well as exercise its powers. Since October 2009 responsibility for all sections of the Act was delegated to the Deputy Ministers, to the Corporate Secretary, to the Director of the Access to Information and Privacy Protection Division, to the Deputy Directors of the ATIP Office, as well as to Heads of Mission but only as it relates to disclosure under section 8(2)(m) of the Privacy Act. (See Annex A)
In addition, Passport Canada as a special operating agency obtained its own ATIP delegated authority to respond to requests under both the Access to Information Act and Privacy Act as they relate to its passport records. This delegation came into effect on April 1, 2011.
Organizational Structure
The Access to Information and Privacy Protection Division (ATIP Office) is responsible for the administration of the ATIA, including the processing of requests and consultations. The Director of the ATIP Office reports to the Corporate Secretary, who in turn reports to the Associate Deputy Minister of Foreign Affairs.
In 2011-2012, the ATIP staff varied from 45 to 53 employees which included contractors. Effective September 2011 the office had 45 staff to fulfill DFAIT’s obligations under the Access to Information and Privacy Acts. The ATIP office consisted of: the Director, four Deputy Directors, six team leaders, twenty two analysts at various levels, five clerical staff and six consultants. The work ranges from processing complex and/or voluminous requests to more straight forward, routine requests and consultations from other government departments as well as providing advice to internal and external stakeholders and providing training to departmental staff.
Recent changes to the ATIP Office’s structure include a new fast-track Consultation team and an Intake Unit, which were implemented in the 2011-2012 reporting period.
Some staffing actions were completed during this reporting period, including an external staffing process which was carried over to 2012-2013.
Administration of Requests
The following section explains in more detail the TBS statistical report as provided in Annex B.
Privacy Requests
Between April 1, 2011 and March 31, 2012, the Department received one hundred and sixteen (116) requests for personal information under the Privacy Act. Along with those new requests, thirty-three (33) requests were carried over from the previous fiscal year, for a total of one-hundred and forty-nine (149) requests. During the reporting period, one hundred and thirty-seven (137) requests were completed and twelve (12) still active files were carried over to the next reporting period.
Disposition of Completed Requests
The distribution of completed requests is as follows:
| Requests | Number of Requests |
|---|---|
| Total | 137 |
| All disclosed | 47 |
| Disclosed in part | 62 |
| Nothing disclosed (excluded) | 0 |
| Nothing disclosed (exempted) | 0 |
| Unable to process | 13 |
| Abandonded by applicant | 15 |
| Transferred | 0 |
Exemptions and Exclusions
The exemption most commonly used by the Department during the period was section 26 [Information about another individual] of the Privacy Act. It was invoked in fifty-three (53) requests. The Department applied exclusions under sub-section 70(1) [confidences of cabinet] one (1) time during this reporting period.
Extensions
During the reporting period, the Department claimed extensions pursuant to paragraphs 15(a)(i) and 15(a)(ii): 19 and 15 times, respectively.
Consultations Received from Other Institutions
When a request contains records that are of a greater interest to another institution, the Access to Information and Privacy Coordinator of that institution is consulted. Between April 1, 2011 and March 31, 2012, the Department received eighty-six (86) consultations under the Privacy Act from other federal government institutions.
During the reporting period, seventy-three (73) consultations were completed under the Privacy Act representing two thousand, one-hundred and fifty-one (2,151) pages.
Disclosure of Personal Information
Subsection 8(1) of the Privacy Act states that “personal information under the control of a government institution shall not, without the consent of the individual to whom it relates, be disclosed by the institution except in accordance with this section.”
Subsection 8(2) of the Privacy Act states that “personal information under the control of a government institution may be disclosed” under certain specific circumstances.
Paragraph 8(2)(b)
Personal information may be disclosed “for any purpose in accordance with any Act of Parliament or any regulation made there under that authorizes its disclosure.”
The ATIP Office did not disclose any personal information pursuant to this paragraph during this reporting period.
Paragraph 8(2)(c)
Personal information may be disclosed “for the purpose of complying with a subpoena or warrant issued or order made by a court, person or body with jurisdiction to compel the production of information or for the purpose of complying with rules of court relating to the production of information.”
The ATIP Office did not disclose any personal information pursuant to this paragraph during this reporting period.
Paragraph 8(2)(d)
Personal information may be disclosed “to the Attorney General of Canada for use in legal proceedings involving the Crown in right of Canada or the Government of Canada.”
The ATIP Office did not disclose any personal information pursuant to this paragraph during this reporting period.
Paragraph 8(2)(e)
Personal information may be disclosed “to an investigative body […] for the purpose of enforcing any law of Canada or a province or carrying out a lawful investigation…”
Under this paragraph of the Privacy Act, six (6) requests were received and treated. Most of the requests under section 8(2)(e) are received from the RCMP and CSIS in regards to passport application files. As such, the ATIP team at Passport Canada processes the bulk of these requests.
Paragraph 8(2)(f)
Personal information may be disclosed “under an agreement or arrangement between the Government of Canada [...] and the government of a province [or territory] [...] for the purpose of administering or enforcing any law or carrying out a lawful investigation.”
The ATIP Office did not disclose any personal information pursuant to this paragraph during this reporting period.
Paragraph 8(2)(g)
Personal information may be disclosed “to a member of Parliament for the purpose of assisting the individual to whom the information relates in resolving a problem.”
The ATIP Office did not disclose any personal information pursuant to this paragraph during this reporting period.
Paragraph 8(2)(l)
Personal information may be disclosed “to any government institution for the purpose of locating an individual in order to collect a debt owing to Her Majesty in right of Canada”.
The ATIP Office did not disclose any personal information pursuant to this paragraph during this reporting period.
Paragraph 8(2)(m)
Personal information may be disclosed “for any purpose where, in the opinion of the head of the institution,
(i) the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure, or
(ii) disclosure would clearly benefit the individual to whom the information relates.”
Under this paragraph of the Privacy Act, one (1) request was treated during the reporting period. The request was received under section 8(2)(m)(ii) of the Act from the Public Health Agency of Canada (PHAC) who require contact information about individuals who were identified as sitting in close proximity to a person with infectious tuberculosis for longer than eight hours on a commercial aircraft. The release is deemed necessary to notify the appropriate provincial/territorial public health authorities who will inform the individuals of the risk of having been infected with latent tuberculosis infection. DFAIT has no objection to the release of the personal information without the consent of the subject individuals since the disclosure will clearly benefit the individuals to whom the information relates. In all cases, the Privacy Commissioner’s Office was notified of the release at the same time as the disclosure to the PHAC took place due to the urgency in such matters.
Complaints and Investigations
Complaints Received and Completed
During the reporting period, five (5) complaints against the Department were filed with the Privacy Commissioner of Canada.
| Reason for Complaint | Number of Complaints |
|---|---|
| Delay | 1 |
| Extension | 0 |
| Fees | 0 |
| Refusal - Exemptions | 1 |
| Refusal - General | 2 |
| Miscellaneous | 1 |
| Use and Disclosure | 0 |
Three (3) investigations were completed during the reporting period.
| Finding | Result | ||
| Discontinued | 0 | No Action Required | 3 |
| Not substantiated | 0 | Remedial Action Taken | 0 |
| Not Well Founded | 2 | ||
| Resolved | 0 | ||
| Well Founded | 1 | ||
Privacy Breaches
During the reporting period the Department’s ATIP Office handled six (6) incidents of privacy breaches, which involved the loss or theft of passport applications by missions and improper disclosure of personal information. In all instances, where possible, subject individuals were notified in writing of the breach and of their right to submit a complaint to the Office of the Privacy Commissioner of Canada (OPC). The ATIP Office also notified the OPC directly who were satisfied with its process and corrective measures.
Administration of Personal Information
The Directive on Privacy Impact Assessment (PIA) was introduced by Treasury Board Secretariat (TBS) effective April 1st, 2010. This Directive ensures that privacy is taken into account and that privacy implications are appropriately identified, assessed and resolved: before a new or substantially-modified program, activity or service involving personal information is implemented; when personal information is used for or is intended to be used as part of a decision-making process that directly affects an individual; and when contracting out or transferring a program or activities to another level of government or the private sector results in substantial modification to the program or activities. It is a step-by-step evaluation of the flow of personal information held within a given program, activity or service. More specifically, this process enables the Department to determine whether new technologies, information systems, initiatives, and proposed programs, activities, services or policies meet federal government privacy requirements.
In addition, as a result of TBS’ 2005 Management of Information Technology Security (MITS) requirements, DFAIT must ensure the security of information and information technology (IT) assets which includes the requirement to prepare Privacy Impact Assessments for most of its systems.
From the initiation of a PIA to the final product, the ATIP Office provides privacy policy advice and guidance to program areas within the Department.
During the reporting period and in compliance with the above Directive, DFAIT initiated ten (10) new PIAs. As well, it completed and submitted nine (9) PIAs to the Office of the Privacy Commissioner (OPC) for review. During that same period, DFAIT also published one (1) previously completed PPIA on its departmental Internet site. DFAIT has since published an additional nine (9) PIA’s on its departmental Internet site.
The following information regarding PPIA and PIA activities in 2011-2012 is listed in alphabetical order:
Preliminary Privacy Impact Assessments (PPIA)
Emergency Management Portal
The Emergency Management Portal is a web-based reporting tool that will provide senior management and operational teams at HQ and missions with a centralized view of international emergencies affecting our missions around the world. It will consolidate all emergency management activities and information for the purpose of monitoring, managing and reporting on international emergencies: humanitarian, consular, global health, security, environmental, technological, political and economic crises. The portal will provide real-time situational awareness, analysis and lessons learned to improve emergency and crisis management.
A PPIA was initiated, completed and a copy submitted to the OPC. The Executive summary of the PPIA was published on DFAIT’s Internet Website during the reporting period at: Publications - Access to Information and Privacy.
Privacy Impact Assessments (PIA)
ccmMercury
ccmMercury is a database application designed to allow users to track the flow of a record including related attachments in many file formats. Its integration with an imaging solution allows a user to scan documents and through the use of templates, documents such as standard replies and routing slips can be automatically created. Searching and reporting capabilities allow users to easily find and report on the data captured in a system. DFAIT implemented ccmMercury in 2001. At the time of implementation, a single system to manage the Ministerial correspondence process was in use. Over the years, additional systems were deployed through ccmMercury as per the Department’s requirement. Each system is independent of other systems within the ccmMercury environment.
A PIA was initiated, completed and a copy submitted to the OPC. During the reporting period, the OPC advised that they do not have comments to provide and closed their file. The ATIP Office was also informed that access to the ccmMercury database will be expanded to Passport Canada and recommended that an Addendum to the existing PIA be developed to assess the associated privacy implications. At the end of the reporting period, the ATIP Office was still awaiting a first draft of the Addendum.
Consular Management and Operations System (COSMOS)
The Consular Affairs Bureau provides information and assistance services to Canadians living and travelling abroad. When an individual requests services or assistance from Consular Affairs, a consular case file is created. In order to better manage consular activities, the Department created the COSMOS application software which delivers a comprehensive set of tools designed to facilitate the management of consular cases, the issuance of emergency and standard passports for Canadians abroad and the registration of Canadians abroad. Through the COSMOS system missions are able to better assist Canadians while travelling abroad.
A PIA was initiated, completed and a copy submitted to the OPC which provided recommendations during the reporting period. The ATIP Office responded to these recommendations and was still awaiting the OPC’s comments on its response at the end of that same period.
Departmental Exit Interview/Questionnaire
DFAIT is developing a Behavioural Research – Exit Interview/Questionnaire in order to identify areas of the department where there are more frequent staff departures and determine what might be the cause. Although it is unlikely that an administrative decision affecting an individual would result from the questionnaire, given that very sensitive personal information may be provided by participants, the ATIP Office recommended that a PIA be completed for this new activity.
A PIA was initiated during the reporting period. Upon completion of the PIA, the Executive Summary will be posted on DFAIT’s Internet Website.
Extractive Sector Corporate Social Responsibility (CSR) Counsellor
The Office of the Extractive Sector CSR Counsellor was established in 2009 as part of the Government of Canada’s CSR Strategy for the International Extractive Sector. The Strategy is designed to help Canadian mining, oil and gas companies meet their social and environmental responsibilities when operating abroad. The Office of the CSR Counsellor has a mandate to review CSR practices of Canadian companies operating outside of Canada and to advise stakeholders on recognized best practices and endorsed performance standards and to resolve any related complaints.
A PIA was initiated, completed and a copy submitted to the OPC during the reporting period. The ATIP Office has since published the Executive Summary of the PIA on DFAIT’s Internet Website at: http://www.international.gc.ca/about-a_propos/atip-aiprp/responsibility-responsabilite.aspx?view=d.
Foreign Service Directive (FSD) Portal
FSDs are designed to provide a system of allowances, benefits and conditions of employment that, in combination with salary, enable departments and agencies to recruit, retain and deploy qualified employees in support of government programs outside Canada.
The FSD Portal is an application that will be used to manage clients in missions outside of Canada. The Portal will receive data from the Human Resources Management System for all DFAIT clients. Client information of other government departments will be manually captured within the Portal. The FSD Portal will also feed into DFAIT’s Integrated Management System with the necessary information to ensure that the clients are paid in a timely fashion.
A PIA was initiated for this activity. The PIA was completed and a copy submitted to the OPC during the reporting period. The ATIP Office has since posted the Executive Summary of the PIA on DFAIT’s Internet Website at: http://www.international.gc.ca/about-a_propos/atip-aiprp/pia_fsd_portal-efvp_dse_portail.aspx?lang=eng&view=d, however, it will be captured in the 2012-2013 reporting period.
Human Resources Management System (HRMS) and the Implementation of its Recruit Module
As with many other government departments, DFAIT uses the Human Resources Management System for human resource related matters such as appointments, leave, etc.
A PIA was initiated for the implementation of the Recruit Module in the HRMS application. During the reporting period, the PIA was completed and a copy submitted to the OPC which advised that they had no comments and closed their file.
DCP has since posted the Executive Summary of the PIA on DFAIT’s Internet Website at: http://www.international.gc.ca/about-a_propos/atip-aiprp/hrms_recruit-recrut_sgrh.aspx?lang=eng&view=d, however, it will be captured in the 2012-2013 reporting period.
Intrusion Detection Access Control System (IDACS)
The Lester B. Pearson Building, 125 Sussex Drive, is the primary site for the Intrusion Detection and Access Control System’s (IDACS) operation. DFAIT has a total of 11 satellite offices within the National Capital Area (NCA), all of which are serviced by IDACS at HQ. DFAIT also has 11 Regional Offices across Canada but none were connected to the IDACS at the time the PIA was completed, therefore these offices were out of the scope of the PIA. Specifically, the Halifax Regional Office has since been added to the system and the Moncton and Toronto Regional Offices will be added in the near future.
In the vast majority of NCA sites, the IDACS is used in concert with ‘guard forces’ to control physical access into DFAIT office spaces. Sites without a guard force presence are secured at all times and access is controlled via the IDACS. All sites are also protected against illegal intrusion by the monitoring afforded via their IDACS. This system reports all alarms to the security control center at DFAIT headquarters and guards respond depending on each site's requirements.
A PIA was initiated and a copy was completed and submitted to the OPC during the reporting period. The ATIP Office has since published the Executive Summary of the PIA on DFAIT’s Internet Website at:http://www.international.gc.ca/about-a_propos/atip-aiprp/IDACS-SDICA.aspx?lang=eng&view=d, however, it will be captured in the 2012-2013 reporting period.
Info Bank
Info Bank is an information management system. It is DFAIT’s Records Documents Information Management System (RDIMS).
DFAIT initiated a PPIA for this system which was finalized as a full PIA and a copy was submitted to the OPC during the reporting period. The OPC responded with no comments on the PIA.
The ATIP Office has since posted the Executive Summary of the PIA on DFAIT’s Internet Website at: http://www.international.gc.ca/about-a_propos/atip-aiprp/infobank-infobanque.aspx?lang=eng&view=d, however, it will be captured in the 2012-2013 reporting period.
Official Events System (OES)
The Office of Protocol at the Department of Foreign Affairs and International Trade Canada (DFAIT) is responsible for organizing all official events and ensuring appropriate hospitality arrangements. The Office of Protocol receives service requests from the Prime Minister’s Office, the Privy Council Office, Geographic Sections, and other Government Departments (OGDs). It plans, coordinates and implements all official visits and events in Canada and abroad; facilitates the presence in Canada of Foreign representatives and their dependents; and coordinates official international travel by the Governor General of Canada, the Prime Minister and Minister’s in DFAIT’s portfolio. It also provides for ministerial and officials’ representation at international conferences.
The Official Events System (OES) is used by the Office of Protocol to support the management of official events hosted by the Government of Canada. The OES replaced the Hospitality System that was used by the Office of Protocol since 1998. The new OES incorporates new features and portability requirements provide a more robust and flexible system.
A PIA was initiated, completed and a copy submitted to the OPC during the reporting period. The ATIP Office has since posted the Executive Summary of the PIA on DFAIT’s Internet Website at: http://www.international.gc.ca/about-a_propos/atip-aiprp/pia_official_events-efvp_activites_officielles.aspx?lang=eng&view=d, however, it will be captured in the 2012-2013 reporting period
Online Registration for Canada Trade Missions
The International Trade Missions Division is primarily responsible for the planning, coordination and execution of trade missions abroad.
A PPIA was originally submitted to the OPC on Aug. 14, 2007. The OPC provided some recommendations and asked additional questions to which the ATIP Office has responded.
Due to substantial changes relating to the collection, use and disclosure of the personal information, a PIA was initiated during the reporting period.
Upon completion of the PIA, the Executive Summary of the PIA will be posted on DFAIT’s Internet Website at: http://www.international.gc.ca/about-a_propos/atip-aiprp/publications.aspx?lang=eng&menu_id=3.
Scholarship – Public Diplomacy Funding
The Government of Canada’s Academic Relations Program’s international scholarships are managed by the department. The program’s objective is to promote Canadian values and identity around the world in order to strengthen Canada’s international relations. Through its international scholarship activities, which include scholarships for Canadians by foreign governments, DFAIT is committed to participation in international study and research partnerships that build understanding among peoples, develop global citizens and leaders, and contribute to the development of nations. The Commonwealth Scholarships, which were among the first international scholarships established, were initiated in 1959 when Commonwealth countries, led by Canada, set up a scholarship plan to strengthen the links between them and encourage higher education. Canada is the largest contributor of Commonwealth scholarships after the United Kingdom.
A copy of the PPIA was submitted to the OPC in November 2006. The OPC recommended that a full PIA be conducted. The PIA was completed and a copy submitted to the OPC during the reporting period. The ATIP Office has since posted the Executive Summary of the PIA on DFAIT’s Internet Website at: http://www.international.gc.ca/about-a_propos/atip-aiprp/pia_scholar-inter-efvp_bourse.aspx?lang=eng&view=d, however, it will be captured in the 2012-2013 reporting period.
Social Integration Proficiency Test (SIPT) on the Modular Object-Oriented Dynamic Learning Environment (Moodle) Network
This new software will be used to evaluate oral language proficiency and measure students’ progress during language training.
A PIA was initiated for this new activity during the reporting period. Upon completion of the PIA, the Executive Summary will be posted on DFAIT’s Internet Website at: http://www.international.gc.ca/about-a_propos/atip-aiprp/publications.aspx?lang=eng&menu_id=3&view=d
Summits
The Department is involved in organizing many international Summits (G7, G8, G20, La Francophonie, etc.). Regardless of the Summit, all involve the same process/implications, i.e. accreditation, media, Internet website, transportation, accommodation, etc. The ATIP Office has taken the lead in developing a general PIA covering all aspects of Summits, regardless of the type. A PIA was developed in consultation with all bureaus at DFAIT involved in the collection, use and disclosure of personal information in the preparation for a Summit.
A PIA was previously initiated, completed and a copy submitted to the OPC during the reporting period. At the end of that same period, the ATIP Office was also informed of substantial changes which affect the handling of personal information. Subsequently, a new PIA was initiated to properly assess the privacy implications involved with these changes.
The ATIP Office has since posted the Executive Summary of the PIA on DFAIT’s Internet Website at: http://www.international.gc.ca/about-a_propos/atip-aiprp/pia_summits-efvp_sommets.aspx?lang=eng&view=d, however, it will be captured in the 2012-2013 reporting period.
Telephone and Messaging Initiatives– Pilot Project
DFAIT is considering replacing its current voice messaging system in selected missions abroad as well as implementing IP Telephony at HQ that offers a complete voice messaging and telephone system. These two initiatives will be implemented as a pilot project. IP Telephony will be implemented throughout all missions.
A PIA was initiated for this pilot project during the reporting period. Upon completion of the PIA, the Executive Summary will be posted on DFAIT’s Internet Website at: http://www.international.gc.ca/about-a_propos/atip-aiprp/publications.aspx?lang=eng&menu_id=3&view=d.
Understanding Canada Program
The structure of the successful Canadian Studies program was changed to the Understanding Canada Program which supports activities and topics to advance Canada's bilateral agenda, and to create a pool of experts capable of spreading knowledge and a better understanding of Canada among current and future leaders abroad.
A PIA is required and was initiated during the reporting period. Upon completion of the PIA, the Executive Summary will be posted on DFAIT’s Internet Website at: http://www.international.gc.ca/about-a_propos/atip-aiprp/publications.aspx?lang=eng&menu_id=3&view=d.
Virtual Venture North (VVN)
DFAIT is currently looking at the possibility of creating an Internet Platform to be used by Government of Canada officials and selected stakeholders from the private sector to share various files and information.
A PIA is required and was initiated during the reporting period. Upon completion of the PIA, the Executive Summary will be posted on DFAIT’s Internet Website at: http://www.international.gc.ca/about-a_propos/atip-aiprp/publications.aspx?lang=eng&menu_id=3&view=d.
Trade Agreements and NAFTA Secretariat and the NAFTA Commission
The Trade Agreements and NAFTA Secretariat (TAS) administers the dispute settlement provisions of Canada’s Free Trade Agreements (FTAs). It also provides general administrative support for the implementation and functioning of those agreements and for the management of their governance committees, including the administrative organization of Ministerial, Deputy Ministerial and senior officials meetings and coordinating branch processes for the preparation of briefing materials for such meetings. In addition, the Secretariat is responsible for the coordination of environmental assessments of trade agreements and general research related to negotiation and implementation of FTAs.
The NAFTA Secretariat, Canadian Section, was previously a stand-alone portfolio
partner until the 2010 Budget Implementation Act, an Order-in-Council, integrated the Secretariat into DFAIT.
A PIA is required and was initiated during the reporting period. Upon completion of the PIA, the Executive Summary will be posted on DFAIT’s Internet Website at: http://www.international.gc.ca/about-a_propos/atip-aiprp/publications.aspx?lang=eng&menu_id=3&view=d.
Data Matching and Data Sharing
No new MOU / Information Sharing Agreements were signed during the reporting period.
Internal Operations
Backlog Project
With the injection of new funding in June 2010, the ATIP Office created ten (10) new full-time equivalents and launched a Backlog Project in July 2010 in order to clear the bulk of the late files. The Backlog Project has been a tremendous success, only three (3) files remain and are subject to consultations with other government departments.
Policy and Governance
DFAIT’s ATIP Office’s Policy & Governance Team (P&G) provides ATIP policy advice to the department, as well as to develop and deliver ATIP training to departmental employees, other government departments, and to new members of the ATIP Office.
The Policy & Governance Team’s responsibilities include: updating the Guidelines for processing ATIP requests; providing departmental staff with privacy policy advice, assistance and guidance; providing input and assistance with the preparation of the TBS' Statistical Reports and the Annual Reports to Parliament for both the Access to Information Act and the Privacy Act (Acts); reviewing policy instruments and tools in compliance with the Acts, as well as TBS' ATIP-related policies; and continuing to develop new privacy policy instruments to assist the Department to meet its responsibilities.
The P&G team is also responsible for updating DFAIT's Chapter in TBS' Info Source Publication, registering Personal Information Banks with TBS and delivering Info Source training, awareness and advice.
Info Source: Further to the full sweep conducted last fiscal year, the ATIP Office continued in its efforts to keep the department’s chapter up-to-date and in line with TBS requirements, making numerous changes to align with the Department’s ever changing structure and activities. Further to a TBS pilot project, Info Source is now published on the DFAIT public website.
Internet/Intranet Process: In the previous fiscal year, a new process was initiated whereby all new or updated forms published for the departmental Internet and Intranet required the approval of the ATIP Office. Due to the complexity of privacy policy and its many components (Class of Records, Class of Personal Information, Personal Information Bank (PIB), Privacy Notice Statement (PNS) and/or Privacy Impact Assessment (PIA)), the P&G Team strives to ensure that all components are reviewed in a thorough and timely fashion.
As anticipated, following the implementation of this new approval requirement, the number of forms received and reviewed by the ATIP Office has significantly increased during the reporting period. The ATIP Office believes that the numbers will rise even further when a similar process is implemented for all PDF forms.
It should be noted that this process is also beneficial to the Department as it provides another avenue/opportunity for ATIP awareness.
Training and Development
During 2011-2012, the ATIP Office continued to ensure that all analysts received the necessary training to do their job effectively via training sessions developed to meet the ATIP Office’s training needs and via a dedicated mentor/coach (a.k.a. team leader). The responsibilities of the team leaders are to provide a continuous and positive learning environment for employees’ development as ATIP specialists. Furthermore, learning plans are developed in consultation with each employee in order to effectively identify training needs.
The ATIP Office also continued to benefit from its ATIP Professional Development Program which allows DFAIT to “grow its own” ATIP analysts due to the lack of experienced candidates within the federal ATIP Community. This program has been very successful in addressing recruitment, retention and succession planning issues.
The Policy & Governance Team addresses the training needs of the Department and of the ATIP Office on a full-time basis and educates new employees as soon as they start working. It also ensures the Department complies with all other aspects of the Access to Information Act and Privacy Act.
DFAIT’s Intranet ATIP website is accessible to all employees at DFAIT as is a newly designed Wiki page. The Wiki page is still under development and will be fully implemented in 2012-2013.
The ATIP Office maintains a structured, department-wide ATIP awareness program to ensure that officials across the Department understand their roles and responsibilities. DFAIT has also expanded on the type of forums within which ATIP training is delivered to include staff meetings and “DFAIT 101” courses, for new employees. ATIP sessions are also delivered during the various training sessions provided to employees going abroad in order to better prepare them for their work at a mission.
The ATIP office also holds sessions with subject matter experts, during which records are reviewed in order to educate employees who exercise discretion when making recommendations for severance, on obstruction and injury.
To ensure that employees at mission also receive necessary training, sessions are delivered using videoconferencing or Webinar technology. During this reporting period 11 missions received training via videoconference. In addition, an online interactive ATIP tutorial, developed in collaboration with the Canadian Foreign Service Institute, is now available. DFAIT also shares this tool with other Departments to assist the federal ATIP community.
As previously reported in the 2010-2011 Annual Report to Parliament, a new training program on section 15 of the Act (injury to international affairs) was developed and delivered during the reporting period to the federal ATIP community. This presentation provides information on the responsibilities of DFAIT vis-à-vis both Acts when it pertains to records that have international implications, and provides other federal institutions with clear direction as to when DFAIT should be consulted. It is hoped that such training will help to decrease the high volume of consultations received by DFAIT and will aid other federal departments to identify what type of information and/or records should be sent to DFAIT for consultation.
In collaboration with the Consular Operations Bureau, a specific training program was designed for Consular Officers to assist in understanding their roles and responsibilities vis-a-vis the Acts in the context of providing consular services offered to Canadians. Scenario- based practical exercises were developed to better prepare them for possible situations they may encounter in the course of their duties. During the reporting period eight (8) training sessions were held with 99 participants.
The ATIP Office also redesigned and refined both the training program for ATIP Liaison Officers and subject-matter experts within Offices of Primary Interest (OPIs) across the Department. Employees are now able to register for these courses via an automated online service, which has improved the ATIP Office’s ability to deliver training.
In all, sixty-seven (67) separate ATIP training sessions were delivered during the reporting period, comprising of approximately nine hundred sixteen (916) employees, including:
- new ATIP Liaison Officers and their back-ups;
- subject matter experts within Offices of Primary Interest (OPIs);
- consular program officials and those preparing to work at missions abroad such as Mission Consular Officers, Foreign Service Officers and Honorary Consuls ; as well as various departmental program officials.
DFAIT’s ATIP Office continuously strives to refine its training tools and receives comments from employees participating in the various training session delivered. These comments result in refinements and enhancements to current programs as well as to develop new ones.
Policies, Guidelines and Procedures
As of January 1, 2012, the ATIP Office began posting summaries of Access to Information requests to the department’s website on a monthly basis to promote transparency in compliance with TBS guidelines. An internal process was established for the monthly postings, as well as for the processing of informal requests for previously released information.
No significant changes were made to internal Access to Information Act processes or policies in 2011-2012. However, much attention has been dedicated to educate departmental officials on their ATIP roles and responsibilities to ensure compliance and efficiencies.
During the reporting period, the Policy & Governance Team continued to revise its existing privacy-related policy instruments and initiated the drafting of new instruments which are better aligned with new and/or revised TBS ATIP-related policies. The policy instruments include the drafting of a new PIA Template, Privacy Protocol, etc. These instruments were close to being finalized at the end of the reporting period. Additional instruments are being considered and will be created in the next fiscal year.
Improvements
The following are improvements that have been made over the last reporting year 2011-2012 as well as ongoing initiatives to improve the overall ATIP function at DFAIT:
- The ATIP Office implemented its 3-year Business Plan and adjusted resources to dedicate teams to work on on-time files as well as the Backlog Project. It hired consultants to clear the backlog, created 10 new FTEs, re-aligned the organizational structure to better meet ATIP demands, and adjusted the teams throughout the year to address high risk and urgent ATIP matters.
- Due to ongoing recruitment and retention challenges across the federal ATIP community, it was not possible to fill all vacant positions. Nonetheless, efforts continue in this regard including participating in collective staffing processes and initiating our own external staffing process. The ATIP Professional Development Program continues to prove its worth especially since the ATIP Office was able to recruit and promote several candidates with its pool of qualified candidates.
- The ATIP Office ensured that TBS policy and reporting requirements were met. Presently three full-time senior analysts are dedicated to the ATIP Policy & Governance Team.
- The Policy & Governance Team continued to dedicate time and efforts to the Internet/Intranet process described in a previous section. This process was implemented as part of DFAIT’s commitment to ensuring that privacy protection is a core consideration in the administration of programs, activities and services involving personal information. This efficient process has also contributed to ensuring compliance with legislative privacy requirements and other related governance obligations as well as expanding privacy policy awareness throughout DFAIT.
- A new fast track consultation team and an intake unit were implemented.
- During the reporting period, DFAIT made significant improvements to the update of its Chapter in the Info Source publication:
- Three (3) new institution-specific Personal Information Banks (PIBs) were created, registered and inserted into DFAIT’s Info Source Chapter.
- Five (5) additional institution-specific Personal Information Banks (PIBs) were initiated and were still under development at the end of the reporting period.
- Two (2) existing Classes of Personal Information were updated and two (2) new ones were inserted into DFAIT’s Chapter.
Annex A: Designation Order
Privacy Act Designation Order
The Minister of Foreign Affairs, pursuant to section 73 of the Privacy Act, hereby designates the persons holding the positions set out in the schedule hereto, or the persons acting in those positions, to exercise the powers and perform the duties and functions of the Minister of Foreign Affairs as the head of a Government institution under the Act. This designation replaces the designation dated March 11, 1998.
Schedule
| Position | Sections of Privacy Act |
|---|---|
| 1. Deputy Minister of Foreign Affairs | All sections |
| 2. Deputy Minister for International Trade | All sections |
| 3. Director General Corperate Secretariat | All sections |
| 4. Director, Access to Information and Privacy Protection Division | All sections |
| 5. Deputy Director, Access to Information and Privacy Protection Division | All sections |
| 6. Heads of diplomatic/consular missions | Paragraph 8(2)(m) |
The Honourable Lawrence Cannon, P.C., M.P.
Ottawa, October 2nd, 2009
Annex B: 2011-2012 Statistical Report
Statistical Report on the Privacy Act
Name of Institution: Foreign Affairs and International Trade Canada
Reporting Period: 2011-04-01 to 2012-03-31
Part 1 - Requests under the Privacy Act
| Type of request | Number of requests |
|---|---|
| Received during the reporting period | 116 |
| Outstanding from previous period | 33 |
| Total | 149 |
| Completed during reporting period | 137 |
| Carried over to next reporting period | 12 |
Part 2 - Requests closed during the reporting period
2.1 Disposition and completion time
| Disposition of requests | Completion Time | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 60 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| Total | 30 | 61 | 21 | 9 | 4 | 5 | 7 | 137 |
| All Disclosed | 3 | 34 | 6 | 3 | 0 | 0 | 1 | 47 |
| Disclosed in part | 8 | 21 | 14 | 6 | 3 | 5 | 5 | 62 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| No records exist | 9 | 2 | 1 | 0 | 1 | 0 | 0 | 13 |
| Records abandoned | 10 | 4 | 0 | 0 | 0 | 0 | 1 | 15 |
2.2 Exemptions
| Section | Number of times |
|---|---|
| 18(2) | 0 |
| 19(1)(a) | 10 |
| 19(1)(b) | 1 |
| 19(1)(c) | 0 |
| 19(1)(d) | 0 |
| 19(1)(e) | 0 |
| 19(1)(f) | 0 |
| 20 | 0 |
| 21 | 16 |
| 22(1)(a)(i) | 4 |
| 22(1)(a)(ii) | 2 |
| 22(1)(a)(iii) | 0 |
| 22(1)(b) | 8 |
| 22(1)(c) | 0 |
| 22(2) | 0 |
| 22.1 | 0 |
| 22.2 | 0 |
| 22.3 | 0 |
| 23(a) | 0 |
| 23(b) | 0 |
| 24(a) | 0 |
| 24(b) | 0 |
| 25 | 0 |
| 26 | 53 |
| 27 | 13 |
| 28 | 0 |
2.3 Exclusions
| Section | Number of times |
|---|---|
| 69(1)(a) | 2 |
| 69(1)(b) | 0 |
| 69.1 | 0 |
| 70(1)(a) | 0 |
| 70(1)(b) | 0 |
| 70(1)(c) | 0 |
| 70(1)(d) | 1 |
| 70(1)(e) | 0 |
| 70(1)(f) | 0 |
| 70.1 | 0 |
2.4 Format of information released
| Disposition | Paper | Electronic | Other Formats |
|---|---|---|---|
| All disclosed | 43 | 4 | 0 |
| Disclosed in part | 43 | 19 | 0 |
| Total | 86 | 23 | 0 |
2.5 Complexity
2.5.1 Relevant pages processed and disclosed
| Disposition of requests | Number of pages processed | Number of pages disclosed | Number of requests |
|---|---|---|---|
| Request abandoned | 278 | 0 | 15 |
| All disclosed | 1378 | 1,369 | 47 |
| Disclosed in part | 28,765 | 19,083 | 62 |
| All exempted | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 |
2.5.2 Relevant pages processed and disclosed by size of requests
| Disposition | Less than 100 pages processed | 101-500 pages processed | ||
|---|---|---|---|---|
| Number of Requests | Number of Requests | Number of Requests | Pages disclosed | |
| All disclosed | 43 | 90 | 4 | 1279 |
| Disclosed in part | 34 | 916 | 14 | 2887 |
| All exempted | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 |
| Abandoned | 14 | 0 | 1 | 0 |
| Total | 91 | 1006 | 19 | 4166 |
| Disposition | 501-1000 pages processed | 1001-5000 pages processed | More than 5000 pages processed | |||
|---|---|---|---|---|---|---|
| Number of Requests | Number of Requests | Number of Requests | Pages disclosed | Number of Requests | Pages disclosed | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 6 | 3154 | 7 | 11205 | 1 | 921 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 |
| Abandoned | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 6 | 3154 | 7 | 11205 | 1 | 921 |
2.5.3 Other complexities
| Disposition | Consultation required | Legal Advice Sought | Interwoven Information | Other | Total |
|---|---|---|---|---|---|
| Total | 24 | 0 | 4 | 16 | 44 |
| All disclosed | 5 | 0 | 0 | 4 | 5 |
| Disclosed in part | 18 | 0 | 4 | 15 | 37 |
| All exempted | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 |
| Abandoned | 1 | 0 | 0 | 1 | 2 |
2.6 Deemed refusals
2.6.1 Reasons for not meeting statutory deadline
| Number of requests closed past the statutory deadline | Principal Reason | |||
|---|---|---|---|---|
| Workload | External consultation | Internal consultation | Other | |
| 28 | 12 | 15 | 0 | 1 |
2.6.2 Number of days past deadline
| Number of days past deadline | Number of requests past deadline where no extension was taken | Number of requests past deadline where an extension was taken | Total |
|---|---|---|---|
| Total | 11 | 17 | 28 |
| 1 to 15 days | 2 | 0 | 2 |
| 16 to 30 days | 2 | 5 | 7 |
| 31 to 60 days | 0 | 1 | 1 |
| 61 to 120 days | 3 | 3 | 6 |
| 121 to 180 days | 0 | 1 | 1 |
| 181 to 365 days | 0 | 4 | 4 |
| More than 365 days | 4 | 3 | 7 |
2.7 Requests for translation
| Translation Requests | Accepted | Refused | Total |
|---|---|---|---|
| Total | 0 | 0 | 0 |
| English to French | 0 | 0 | 0 |
| French to English | 0 | 0 | 0 |
Part 3 - Disclosures under subsection 8(2)
| Paragraph 8(2)(e) | Paragraph 8(2)(m) | Total |
|---|---|---|
| 6 | 1 | 7 |
Part 4 - Requests for correction of personal information and notations
| Number | |
|---|---|
| Requests for correction received | 0 |
| Requests for correction accepted | 0 |
| Requests for correction refused | 0 |
| Notations attached | 1 |
Part 5 - Extensions
5.1 Reasons for extensions and dispositions of requests
| Disposition of requests where an extension was taken | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | 15(b) Translation or conversion | |
|---|---|---|---|---|
| Section 70 | Other | |||
| Total | 19 | 0 | 15 | 0 |
| All disclosed | 6 | 0 | 2 | 0 |
| Disclosed in part | 13 | 0 | 12 | 0 |
| All exempted | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 |
| No records exist | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 1 | 0 |
5.2 - Length of extensions
| Length of extensions | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | 15(b) Translation purposes | |
|---|---|---|---|---|
| Section 70 | Other | |||
| 1 to 15 days | 0 | 0 | 0 | 0 |
| 16 to 30 days | 19 | 0 | 15 | 0 |
| Total | 19 | 0 | 15 | 0 |
Part 6 - Consultations received from other institutions and organisations
6.1 Consultations received from other government institutions and organisations
| Consultations | Other government institutions | Number of pages to review | Other organizations | Number of pages to review |
|---|---|---|---|---|
| Received during the reporting period | 77 | 1831 | 1 | 9 |
| Outstanding from the previous reporting period | 8 | 323 | 0 | 0 |
| Total | 85 | 2154 | 1 | 9 |
| Closed during the reporting period | 73 | 2151 | 1 | 9 |
| Pending at the end of the reporting period | 12 | 3 | 0 | 0 |
6.2 Recommendations and completion time for consultations received from other government institutions
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| Disclose entirely | 5 | 3 | 5 | 1 | 0 | 0 | 1 | 15 |
| Disclose in part | 0 | 3 | 4 | 4 | 0 | 1 | 0 | 12 |
| Exempt entirely | 2 | 0 | 0 | 0 | 0 | 0 | 0 | 2 |
| Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 26 | 7 | 4 | 1 | 2 | 1 | 0 | 41 |
| Other | 3 | 0 | 0 | 0 | 0 | 0 | 0 | 3 |
| Total | 36 | 13 | 13 | 6 | 2 | 2 | 1 | 73 |
6.3 Recommendations and completion time for consultations received from other organizations
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| Disclose entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclose in part | 0 | 0 | 1 | 0 | 0 | 0 | 0 | 1 |
| Exempt entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 1 | 0 | 0 | 0 | 0 | 1 |
Part 7 - Completion time of consultations on Cabinet confidences
| Number of Days | Number of responses received | Number of responses received past deadline |
|---|---|---|
| 1 to 15 | 0 | 0 |
| 16 to 30 | 0 | 0 |
| 31 to 60 | 1 | 0 |
| 61 to 120 | 0 | 0 |
| 121 to 180 | 0 | 0 |
| 181 to 365 | 0 | 0 |
| More than 365 | 0 | 0 |
| Total | 1 | 0 |
Part 8 - Resources related to the Privacy Act
8.1 Costs
| Expenditures | Amount | |
|---|---|---|
| Salaries | $403,674 | |
| Overtime | $1,604 | |
| Goods and Services | $324,907 | |
| - Contracts for privacy impact assessments | $0 | |
| - professional services contracts | $304,620 | |
| - Other | $20,287 | |
| Total | $730,185 | |
8.2 Human Resources
| Resources | Dedicated full-time | Dedicated part-time | Total |
|---|---|---|---|
| Total | 12.96 | 0.00 | 12.96 |
| Full-time employees | 7.36 | 0.00 | 7.36 |
| Part-time and casual employees | 0.64 | 0.00 | 0.64 |
| Regional staff | 0.00 | 0.00 | 0.00 |
| Consultants and agency personnel | 4.96 | 0.00 | 4.96 |
| Students | 0.00 | 0.00 | 0.00 |
2011-2012 Statistical Reports
Supplementary Reporting Requirements
Foreign Affair and International Trade Canada
Indicate the number of:
| Preliminary Privacy Impact Assessments initiated: | 0 |
| Preliminary Privacy Impact Assessments completed: | 0 |
| Privacy Impact Assessments initiated: | 10 |
| Privacy Impact Assessments completed: | 9 |
| Privacy Impact Assessments forwarded to the Office of the Privacy Commissioner (OPC): | 9 |
If your institution did not undertake any of the activities noted above during the reporting period, this must be stated explicitly.
Passport Canada
Indicate the number of:
| Preliminary Privacy Impact Assessments initiated: | 0 |
| Preliminary Privacy Impact Assessments completed: | 0 |
| Privacy Impact Assessments initiated: | 3 |
| Privacy Impact Assessments completed: | 2 |
| Privacy Impact Assessments forwarded to the Office of the Privacy Commissioner (OPC): | 2 |
If your institution did not undertake any of the activities noted above during the reporting period, this must be stated explicitly.
